pacapana — a tool suite to analyse protocol streams
Pacapana is a tool suite to analyse protocol streams and prepare flow characteristics. Understand protocol interaction due to explicit exchanged information (e.g. TCP options) or detect inconsiderable protocol properties based on stream causalities are one potential use case of pacapana.
On the other hand, the tool suite can be used to gather information about network infrastructures and detect potential bottlenecks (think about superfluous timeouts et cetera). Pacapana parses PCAP data files - saved in the well known data format for capturing network traffic - and run the selected routines and let it up to you to interpret the results. Realtime analysis isn't supported, cause this isn't the main use case of pacapana, it's an offline tool.
- All conceivably register and unregister functionality (absolute, relative, ...)
- Distribution algorithms for time handling (e.g. normal-, standard distribution)
- Data output formats (based on analysis method):
- ASCII output (cli - command line interface)
- Libcairo (PNG, PDF, PS, SVG)
svn co http://pacapana.svn.sourceforge.net/svnroot/pacapana
SF_NAME=your-sourceforge-name # svn co git svn clone https://$SF_NAME@pacapana.svn.sourceforge.net/svnroot/pacapana [...] # svn up git svn rebase # svn commit git svn dcommit
./waf configure --prefix=/usr ./waf build su -c './waf install'
Handy PCAP Filter Expressions
# filter only packets comming from web (port 80) tcp src port 80 # filter for packets comming from host 192.168.0.1 src host 192.168.0.1 # to filter packets received from and send to 192.168.0.1 host 192.168.0.1 # filter only SYN packets tcp = 2 # filter for SYN or SYN/ACK tcp & 2 = 2 # filter ARP packets arpHere are two worthwhile resources with useful examples:
Examples - Use Cases
Use Case 1 - Throughput Analysis
ContactFeel free and drop some lines:
Hagen Paul Pfeifer hagen©jauu.net (replace © with @)